Big Chemical Encyclopedia

Chemical substances, components, reactions, process design ...

Articles Figures Tables About

Ordinary digital signature scheme

Figure 2.1. Components of ordinary digital signature schemes. Figure 2.1. Components of ordinary digital signature schemes.
A bit more precisely, the components of an ordinary digital signature scheme and their interaction are usually depicted as in Figure 2.2. ... [Pg.14]

Hence the goal was one common definition that should at least cover the GMR definition, the schemes invented as ordinary digital signature schemes but not exactly fitting the GMR definition, and all the existing variants of fail-stop and invisible signature schemes, where existing means that a concrete construction has been proposed in the literature. Such a definition is sketched here. [Pg.47]

Figure 5.1. Example of interface events and entities if an ordinary digital signature scheme is modeled (incomplete). Figure 5.1. Example of interface events and entities if an ordinary digital signature scheme is modeled (incomplete).
However, in practice, the identity is present in the entity under an access point in the form of access to a broadcast channel under this previously known identity (for the time of initialization). For instance, with an ordinary digital signature scheme, the public key is broadcast on this channel inside the system during such an initialization. Similarly, if the system contained an authority that issues key certificates, the entity would need access to a secure channel to the authority under this identity, e.g., via the user who makes a handwritten signature. Note that the entities of all signers still use the same program e.g., they use a particular port for broadcast outputs. [Pg.69]

Ordinary digital signature schemes and the information-theoietically secure digital signature schemes of [ChRo91, PfWa92] are of this type. [Pg.90]

These security types are mainly treated in Section 5.4.3. With the ordinary type of security, known from ordinary digital signature schemes, the requirement of the recipient on disputes is guaranteed with the high degree of security, whereas the court may wrongly decide for the recipient in extreme situations. To its right, a type of security dual to ordinary security is shown. [Pg.94]

Particularly efficient implementations of fail-stop and dual signature schemes (see Figure 5.12) and of the ordinary digital signature scheme GMR (see [FoPf91]) exist in this case. [Pg.97]

Ordinary security is the type of security that ordinary digital signature schemes offer The requirement of the signer on disputes is fulfilled computationally only, that of the recipient information-theoretically, and there is no fail-stop property. If transferability is required, the effectiveness of transfers also holds information-theoretically. [Pg.120]

With ordinary security, the recipient may or may not be secure without an error probability. (In ordinary digital signature schemes, he is.)... [Pg.124]

The reason is that these two properties, like the security types, have always been seen as so clear deviations from ordinary digital signature schemes that, if present in a signature scheme, they are mentioned in the name. In fact, invisibility makes quite a difference to the legal environment needed for signatures (see Section 5.2.8,... [Pg.125]

This section discusses possible benefits of the new types of signature schemes in applications. It resumes Section 3.1, where some problems with ordinary digital signature schemes were sketched, which can now be described as problems with ordinary security. Hence it is now discussed what advantages other security types may have with respect to the legal and social requirements from Chapter 1. [Pg.134]

The complexity of the most efficient schemes for signing one message block is almost as low as that of efficient ordinary digital signature schemes. The same holds if message hashing is added. (Note that this subsection assumes a fixed risk bearer or any other version that has the same effect on the efficiency of authentication, cf. Figure 6.2.)... [Pg.144]

If one considers all schemes that look moderately secure, such as RSA with the additional measures described in Section 2.5, ordinary digital signature schemes exist where the complexity of one authentication is independent of the overall number of messages to be authenticated. In this case, one usually decides to trust fast hash functions, too, so that long messages can be signed fast. [Pg.145]

As mentioned in Section 6.1.2, more efficient constructions exist for the case of a fixed recipient, which is rather important in practice (see Section 6.2). They can be seen as special variants of tree authentication that exploit the fact that the recipient s entity can store information about the current tree. Hence only one new leaf, instead of one complete branch, has to be sent and tested during each authentication, see Section 10.6. The complexity of fail-stop signature schemes with fixed recipient is therefore comparable to that of ordinary digital signature schemes. [Pg.145]

The actual definition of so-called standard fail-stop signature schemes is contained in Section 7.1. In Section 7.2, relations to alternative or additional security properties are shown. Section 7.3 presents fail-stop signature schemes with prekey, an important subclass, and proves simplified security criteria for them. Section 7.4 shows the relation between standard fail-stop signature schemes and ordinary digital signature schemes. Section 7.5 contains constructions of schemes with many risk bearers from schemes with one risk bearer. [Pg.149]

Previous formal definitions of fail-stop signature schemes [Pfit89, PfWa90, PePf95] were derived bottom-up from the GMR definition of ordinary digital signature schemes with only those extensions that occurred in the constructions, as in Section 3.2. Thus, compared with the general definition, they have all the restrictions listed in Section 6.1.2 and a few more, which seemed too technical to be mentioned there. [Pg.149]

If the prekey is locally verifiable, key distribution is identical to ordinary digital signature schemes after the initial publication of the prekey Every new signer simply publishes her main public key (except that, if the local verification of the prekey yielded FALSE, the signer would have to call on recipients and courts to punish the risk bearer). ... [Pg.201]

Nevertheless, standard fail-stop signature schemes used in this way are not standard ordinary digital signature schemes, mainly because the latter have non-interactive key generation. However, if the output broken in disputes is replaced with TRUE, no risk remains for anybody except for the signer. Hence one can permit the signer s entity to carry out the complete key generation on its own. [Pg.202]

See other pages where Ordinary digital signature scheme is mentioned: [Pg.10]    [Pg.27]    [Pg.31]    [Pg.33]    [Pg.33]    [Pg.33]    [Pg.33]    [Pg.34]    [Pg.35]    [Pg.61]    [Pg.69]    [Pg.78]    [Pg.84]    [Pg.99]    [Pg.101]    [Pg.101]    [Pg.106]    [Pg.106]    [Pg.108]    [Pg.116]    [Pg.125]    [Pg.130]    [Pg.135]    [Pg.137]    [Pg.144]    [Pg.144]    [Pg.146]    [Pg.147]    [Pg.171]    [Pg.201]    [Pg.202]   
See also in sourсe #XX -- [ Pg.14 , Pg.33 ]



SEARCH



Digital signature scheme

Digital signatures

Example of interface events and entities if an ordinary digital signature scheme is modeled

Signature

Signature scheme

Standard ordinary digital signature scheme

© 2024 chempedia.info